[Sebastian.Leske@sleske.name: Bug#637932: stunnel4: segfault if certificate file cannot be read during verification]
----- Forwarded message from Sebastian Leske Sebastian.Leske@sleske.name -----
Date: Mon, 15 Aug 2011 21:21:05 +0200
Package: stunnel4 Version: 3:4.40-1 Severity: normal
I use certificate verification with stunnel4 (verify=2 in stunnel.conf). I accidentally changed the access rights of a PEM file required for verification to be unreadable. As a consequence, stunnel4 incorrectly reports "Verification error: self signed certificateVerification error: self signed certificate" (the cert in question is not self-signed), then segfaults.
With stunnel4 version 4.29-1_i386, this does not occur: stunnel4 correctly reports that it cannot access the PEM file.
Log and backtrace (generated with setting foreground=yes in stunnel.conf):
Starting program: /usr/bin/stunnel4 /etc/stunnel/stunnel.conf [Thread debugging using libthread_db enabled] 2011.08.15 21:16:54 LOG5[9584:3082946768]: stunnel 4.40 on i486-pc-linux-gnu platform 2011.08.15 21:16:54 LOG5[9584:3082946768]: Compiled/running with OpenSSL 1.0.0d 8 Feb 2011 2011.08.15 21:16:54 LOG5[9584:3082946768]: Threading:PTHREAD SSL:ENGINE Auth:LIBWRAP Sockets:POLL,IPv6 2011.08.15 21:16:54 LOG5[9584:3082946768]: Reading configuration from file /etc/stunnel/stunnel.conf 2011.08.15 21:16:54 LOG6[9584:3082946768]: Compression enabled using zlib method 2011.08.15 21:16:54 LOG6[9584:3082946768]: Initializing SSL context for service pop3sl 2011.08.15 21:16:54 LOG6[9584:3082946768]: SSL context initialized 2011.08.15 21:16:54 LOG6[9584:3082946768]: Initializing SSL context for service https 2011.08.15 21:16:54 LOG6[9584:3082946768]: SSL context initialized 2011.08.15 21:16:54 LOG6[9584:3082946768]: Initializing SSL context for service ssmtp 2011.08.15 21:16:54 LOG6[9584:3082946768]: SSL context initialized 2011.08.15 21:16:54 LOG5[9584:3082946768]: Configuration successful [New Thread 0xb7fdfb70 (LWP 9593)] 2011.08.15 21:16:57 LOG5[9584:3086875504]: Service pop3sl accepted connection from 127.0.0.1:60903 2011.08.15 21:16:57 LOG6[9584:3086875504]: connect_blocking: connecting 213.187.93.221:995 2011.08.15 21:16:57 LOG5[9584:3086875504]: connect_blocking: connected 213.187.93.221:995 2011.08.15 21:16:57 LOG5[9584:3086875504]: Service pop3sl connected remote server from 192.168.1.101:39914 2011.08.15 21:16:57 LOG4[9584:3086875504]: CERT: Verification error: self signed certificate in certificate chain 2011.08.15 21:16:57 LOG4[9584:3086875504]: Certificate check failed: depth=2, /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA 2011.08.15 21:16:57 LOG3[9584:3086875504]: error queue: 14090086: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb7fdfb70 (LWP 9593)] 0xb7ca2119 in ?? () from /lib/i386-linux-gnu/i686/cmov/libc.so.6 (gdb) bt #0 0xb7ca2119 in ?? () from /lib/i386-linux-gnu/i686/cmov/libc.so.6 #1 0xb7ca3c1b in calloc () from /lib/i386-linux-gnu/i686/cmov/libc.so.6 #2 0x0804cd20 in ?? () #3 0x080574bf in ?? () #4 0x08057529 in ?? () #5 0x08058129 in ?? () #6 0x0804d945 in ?? () #7 0x0804e79b in ?? () #8 0x0804fafe in ?? () #9 0xb7f98c39 in start_thread () from /lib/i386-linux-gnu/i686/cmov/libpthread.so.0 #10 0xb7d0196e in clone () from /lib/i386-linux-gnu/i686/cmov/libc.so.6 (gdb)
-- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: i386 (i686)
Kernel: Linux 3.0.0-1-686-pae (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash
Versions of packages stunnel4 depends on: ii adduser 3.110 add and remove users and groups ii libc6 2.13-10 Embedded GNU C Library: Shared lib ii libssl1.0.0 1.0.0d-3 SSL shared libraries ii libwrap0 7.6.q-16 Wietse Venema's TCP wrappers libra ii netbase 4.34 Basic TCP/IP networking system ii openssl 1.0.0d-3 Secure Socket Layer (SSL) binary a ii perl-modules 5.12.4-2 Core Perl modules
stunnel4 recommends no packages.
Versions of packages stunnel4 suggests: pn logcheck-database <none> (no description available)
-- no debconf information
----- End forwarded message -----
Rodrigo Gallardo wrote:
Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb7fdfb70 (LWP 9593)] 0xb7ca2119 in ?? () from /lib/i386-linux-gnu/i686/cmov/libc.so.6 (gdb) bt #0 0xb7ca2119 in ?? () from /lib/i386-linux-gnu/i686/cmov/libc.so.6 #1 0xb7ca3c1b in calloc () from /lib/i386-linux-gnu/i686/cmov/ libc.so.6
I think I was able to locate and fix this bug. Can you please try: ftp://ftp.stunnel.org/stunnel/stunnel-4.42b4.tar.gz ftp://ftp.stunnel.org/stunnel/stunnel-4.42b4-installer.exe and let me know if it works for you?
BTW: I start my vacation of Friday. If the fix I implemented works fine I could release stunnel 4.42 tomorrow. This could be very useful for the users of stunnel.
Mike
-
Michal Trojnara -
Rodrigo Gallardo